From 2dbb95ed55973f4cfbffe44871b9b344179b6fff Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 23 Jul 2009 22:36:07 +0200
Subject: [PATCH] Move away from generate.conf and use the information provided in the ldap
---
 debian/changelog | 6 ++--
 debian/install | 1 -
 generate.conf | 1 -
 ud-generate | 77 ++++++++++++++++++++---------------------------
 userdir-ldap.conf | 3 +-
 userdir_ldap.py | 3 +-
 6 files changed, 41 insertions(+), 50 deletions(-)
 delete mode 100644 generate.conf
diff --git a/debian/changelog b/debian/changelog
index e2730c4..49c8448 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,12 @@
-userdir-ldap (0.3.67+XY) unstable; urgency=low
+userdir-ldap (0.3.68) unstable; urgency=low
 * userdir-ldap.conf: localsyncon = "*draghi*"
 * userdir-ldap-slapd.conf.in: database hdb
 * schema: allowedGroups, exportOptions attribute for servers
+ * Move away from generate.conf and use the information provided in
+ the ldap.
- -- Peter Palfrader Thu, 23 Jul 2009 18:16:35 +0200
+ -- Peter Palfrader Thu, 23 Jul 2009 22:32:44 +0200
 userdir-ldap (0.3.67) unstable; urgency=low
diff --git a/debian/install b/debian/install
index 5193672..af42492 100644
--- a/debian/install
+++ b/debian/install
@@ -22,7 +22,6 @@ ud-zoneupdate usr/bin
 ud-roleadd usr/bin
 sigcheck usr/bin
 userdir-ldap.conf etc/userdir-ldap/
-generate.conf etc/userdir-ldap/
 templates/ etc/userdir-ldap/
 userdir-ldap.schema etc/ldap/schema/
 userdir-ldap-slapd.conf etc/ldap/
diff --git a/generate.conf b/generate.conf
deleted file mode 100644
index bc427ad..0000000
--- a/generate.conf
+++ /dev/null
@@ -1 +0,0 @@
-# See /usr/share/doc/userdir-ldap
diff --git a/ud-generate b/ud-generate
index aae8fd6..f8dbf0a 100755
--- a/ud-generate
+++ b/ud-generate
@@ -746,7 +746,7 @@ def isRoleAccount(pwEntry):
 return False
 # Generate the DNS Zone file
-def GenDNS(File, HomePrefix):
+def GenDNS(File):
 F = None
 try:
 F = open(File + ".tmp", "w")
@@ -799,7 +799,7 @@ def GenDNS(File, HomePrefix):
 Done(File, F, None)
 # Generate the DNS SSHFP records
-def GenSSHFP(File, HomePrefix):
+def GenSSHFP(File):
 F = None
 try:
 F = open(File + ".tmp", "w")
@@ -1030,14 +1030,8 @@ if PasswdAttrs is None:
 raise UDEmptyList, "No Users"
 # Fetch all the hosts
-HostAttrs = l.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "sshRSAHostKey=*",\
- ["hostname", "sshRSAHostKey", "purpose"])
-
-# Open the control file
-if len(sys.argv) == 1:
- F = open(GenerateConf, "r")
-else:
- F = open(sys.argv[1], "r")
+HostAttrs = l.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "objectClass=debianServer",\
+ ["hostname", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions"])
 # Generate global things
 GlobalDir = GenerateDir + "/"
@@ -1071,18 +1065,12 @@ GenMarkers(GlobalDir + "markers")
 GenSSHKnown(GlobalDir + "ssh_known_hosts")
 GenHosts(l, GlobalDir + "debianhosts")
-while(1):
- Line = F.readline()
- if Line == "":
- break
- Line = Line.strip()
- if Line == "":
- continue
- if Line[0] == '#':
+for host in HostAttrs:
+ if not "hostname" in host[1]:
 continue
- Split = Line.split(" ")
- OutDir = GenerateDir + '/' + Split[0] + '/'
+ CurrentHost = host[1]['hostname'][0]
+ OutDir = GenerateDir + '/' + CurrentHost + '/'
 try:
 os.mkdir(OutDir)
 except:
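Review bot: `CurrentHost = host[1]['hostname'][0]` is spliced unchecked into `OutDir = GenerateDir + '/' + CurrentHost + '/'`, so the name of the per-host export directory — which then receives passwd, shadow and the ssh-keys tarball — now comes from an LDAP attribute instead of the locally edited generate.conf, and a value containing `/` or equal to `..` would land that material outside GenerateDir. Whoever can write `hostname` on a debianServer entry is presumably trusted already, but a one-line guard keeps that assumption out of the path logic: `if '/' in CurrentHost or CurrentHost in ('.', '..'): continue` (or better, raise so the bad entry is noticed rather than silently skipped). Only the first value of the multi-valued `hostname` attribute is used, so an entry carrying several names gets exactly one export directory; if that is intended, a comment saying so would help. The body of this for loop continues in the following hunk.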
@@ -1090,45 +1078,46 @@ while(1):
 # Get the group list and convert any named groups to numerics
 GroupList = {}
+ for groupname in AllowedGroupsPreload.strip().split(" "):
+ GroupList[groupname] = True
+ if 'allowedGroups' in host[1]:
+ for groupname in host[1]['allowedGroups']:
+ GroupList[groupname] = True
+ for groupname in GroupList.keys():
+ if groupname in GroupIDMap:
+ GroupList[str(GroupIDMap[groupname])] = True
+
 ExtraList = {}
- for I in Split[2:]:
- if I[0] == '[':
- ExtraList[I] = None
- continue
- GroupList[I] = None
- if GroupIDMap.has_key(I):
- GroupList[str(GroupIDMap[I])] = None
+ if 'exportOptions' in host[1]:
+ for extra in host[1]['exportOptions']:
+ ExtraList[extra.upper()] = True
 Allowed = GroupList
 if Allowed == {}:
 Allowed = None
- CurrentHost = Split[0]
 DoLink(GlobalDir, OutDir, "debianhosts")
 DoLink(GlobalDir, OutDir, "ssh_known_hosts")
 DoLink(GlobalDir, OutDir, "disabled-accounts")
 sys.stdout.flush()
- if ExtraList.has_key("[NOPASSWD]"):
- userlist = GenPasswd(OutDir + "passwd", Split[1], "*")
+ if 'NOPASSWD' in ExtraList:
+ userlist = GenPasswd(OutDir + "passwd", HomePrefix, "*")
 else:
- userlist = GenPasswd(OutDir + "passwd", Split[1], "x")
+ userlist = GenPasswd(OutDir + "passwd", HomePrefix, "x")
 sys.stdout.flush()
 grouprevmap = GenGroup(OutDir + "group")
- GenShadowSudo(OutDir + "sudo-passwd", ExtraList.has_key("[UNTRUSTED]") or ExtraList.has_key("[NOPASSWD]"))
+ GenShadowSudo(OutDir + "sudo-passwd", ('UNTRUSTED' in ExtraList) or ('NOPASSWD' in ExtraList))
 # Now we know who we're allowing on the machine, export
 # the relevant ssh keys
 GenSSHtarballs(userlist, SSHFiles, grouprevmap, os.path.join(OutDir, 'ssh-keys.tar.gz'))
- if ExtraList.has_key("[UNTRUSTED]"):
- print "[UNTRUSTED] tag is obsolete and may be removed in the future."
- continue
- if not ExtraList.has_key("[NOPASSWD]"):
+ if not 'NOPASSWD' in ExtraList:
 GenShadow(OutDir + "shadow")
 # Link in global things
- if not ExtraList.has_key("[NOMARKERS]"):
+ if not 'NOMARKERS' in ExtraList:
 DoLink(GlobalDir, OutDir, "markers")
 DoLink(GlobalDir, OutDir, "mail-forward.cdb")
 DoLink(GlobalDir, OutDir, "mail-contentinspectionaction.cdb")
@@ -1142,17 +1131,17 @@ while(1):
 # Compatibility.
 DoLink(GlobalDir, OutDir, "forward-alias")
- if ExtraList.has_key("[DNS]"):
- GenDNS(OutDir + "dns-zone", Split[1])
- GenSSHFP(OutDir + "dns-sshfp", Split[1])
+ if 'DNS' in ExtraList:
+ GenDNS(OutDir + "dns-zone")
+ GenSSHFP(OutDir + "dns-sshfp")
- if ExtraList.has_key("[BSMTP]"):
- GenBSMTP(OutDir + "bsmtp", Split[1])
+ if 'BSMTP' in ExtraList:
+ GenBSMTP(OutDir + "bsmtp", HomePrefix)
- if ExtraList.has_key("[PRIVATE]"):
+ if 'PRIVATE' in ExtraList:
 DoLink(GlobalDir, OutDir, "debian-private")
- if ExtraList.has_key("[KEYRING]"):
+ if 'KEYRING' in ExtraList:
 for k in Keyrings:
 DoLink(GlobalDir, OutDir, os.path.basename(k))
 else:
diff --git a/userdir-ldap.conf b/userdir-ldap.conf
index 3fff7cf..e01b60f 100644
--- a/userdir-ldap.conf
+++ b/userdir-ldap.conf
@@ -38,9 +38,10 @@ ech_mainlog = "/org/db.debian.org/mail/Log/ech.log"
 defaultgid = 800;
 # For the output generator
-generateconf = "/etc/userdir-ldap/generate.conf"
 generatedir = "/var/cache/userdir-ldap/hosts/";
 passdir = "/etc/userdir-ldap/";
+allowedgroupspreload = "adm";
+homeprefix = "/home/";
 # GPG Things
 gpg = "/usr/bin/gpg";
diff --git a/userdir_ldap.py b/userdir_ldap.py
index d1881f7..109c7ce 100644
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
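Review bot: Removing the `[UNTRUSTED]` branch changes what an UNTRUSTED host receives: the old code hit `continue` before GenShadow, so such a host got a passwd with `x` fields but never a shadow file, whereas the new code falls through to `if not 'NOPASSWD' in ExtraList: GenShadow(OutDir + "shadow")` and so exports password hashes to any server whose exportOptions carries UNTRUSTED without NOPASSWD (it also now gets the markers, mail-forward.cdb and later links the `continue` used to skip). The sudo-passwd call a few lines earlier still treats UNTRUSTED specially, so the option is evidently still live rather than retired. If untrusted hosts are meant to stay hash-free, either keep the skip — `if 'UNTRUSTED' in ExtraList: continue` — or widen the shadow guard to `if not ('NOPASSWD' in ExtraList or 'UNTRUSTED' in ExtraList): GenShadow(OutDir + "shadow")`. Separately, `AllowedGroupsPreload.strip().split(" ")` yields `['']` for an empty setting, seeding GroupList with an empty group name and defeating the `Allowed == {}` → `None` fallback; `.split()` with no argument avoids that. The enclosing for loop starts in the previous hunk.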
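Review bot: `allowedgroupspreload = "adm";` and `homeprefix = "/home/";` are added with no explanation, and the first is security-relevant: ud-generate seeds every host's GroupList from it before the server's own allowedGroups are added, so it effectively extends the allow list of every exported host. A comment above each line would keep the next admin from guessing, e.g. `# Groups added to the allowed-groups list of every host, space separated` and `# Prefix for home directories in the generated passwd files`. Note that the consumer splits on a single space, so several groups must be separated by exactly one space and the value should not be left empty.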
@@ -38,7 +38,8 @@ LDAPServer = ConfModule.ldaphost;
 EmailAppend = ConfModule.emailappend;
 AdminUser = ConfModule.adminuser;
 GenerateDir = ConfModule.generatedir;
-GenerateConf = ConfModule.generateconf;
+AllowedGroupsPreload = ConfModule.allowedgroupspreload;
+HomePrefix = ConfModule.homeprefix;
 DefaultGID = ConfModule.defaultgid;
 TemplatesDir = ConfModule.templatesdir;
 PassDir = ConfModule.passdir;
-- 
2.20.1
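Review bot: The two new module-level reads, `AllowedGroupsPreload = ConfModule.allowedgroupspreload;` and `HomePrefix = ConfModule.homeprefix;`, turn a userdir-ldap.conf that lacks either key into an AttributeError at import time of userdir_ldap, which presumably breaks every ud-* tool that imports this module, not only ud-generate. That matches how the neighbouring settings are read, so failing loudly may be the intended contract, but an upgrade that keeps an admin-modified conffile in place would then take down the whole toolset. Either document the two new mandatory keys where admins will see them (the changelog entry only mentions generate.conf going away), or read them with a fallback such as `HomePrefix = getattr(ConfModule, "homeprefix", "/home/")` while leaving allowedgroupspreload mandatory, since a silent default there changes who is exported to every host.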